7.8
CVE-2025-37738 - ext4: ignore xattrs past end
In the Linux kernel, the following vulnerability has been resolved: ext4: ignore xattrs past end Once inside 'ext4_xattr_inode_dec_ref_all' we should ignore xattrs entries past the 'end' entry. This fixes the following KASAN reported issue: ======================================================β¦
5.5
CVE-2025-23147 - i3c: Add NULL pointer check in i3c_master_queue_ibi()
In the Linux kernel, the following vulnerability has been resolved: i3c: Add NULL pointer check in i3c_master_queue_ibi() The I3C master driver may receive an IBI from a target device that has not been probed yet. In such cases, the master calls `i3c_master_queue_ibi()` to queue an IBI work task,β¦
5.5
CVE-2025-37784 - net: ti: icss-iep: Fix possible NULL pointer dereference for perout request
In the Linux kernel, the following vulnerability has been resolved: net: ti: icss-iep: Fix possible NULL pointer dereference for perout request The ICSS IEP driver tracks perout and pps enable state with flags. Currently when disabling pps and perout signals during icss_iep_exit(), results in NULβ¦
5.5
CVE-2025-37793 - ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe()
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently, avs_component_probe() does not check for this case, which results in a NULL pointer dereference.
5.5
CVE-2025-37791 - ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll()
In the Linux kernel, the following vulnerability has been resolved: ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() rpl is passed as a pointer to ethtool_cmis_module_poll(), so the correct size of rpl is sizeof(*rpl) which should be just 1 byte. Using the pointer size insteβ¦
7.5
CVE-2024-48907 -
Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API.
5.5
CVE-2022-49899 - fscrypt: stop using keyrings subsystem for fscrypt_master_key
In the Linux kernel, the following vulnerability has been resolved: fscrypt: stop using keyrings subsystem for fscrypt_master_key The approach of fs/crypto/ internally managing the fscrypt_master_key structs as the payloads of "struct key" objects contained in a "struct key" keyring has outlived β¦
5.5
CVE-2025-23161 - PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
In the Linux kernel, the following vulnerability has been resolved: PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type The access to the PCI config space via pci_ops::read and pci_ops::write is a low-level hardware access. The functions can be accessed with disabled interrupts even on PREEMPTβ¦
5.5
CVE-2022-49847 - net: ethernet: ti: am65-cpsw: Fix segmentation fault at module unload
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: Fix segmentation fault at module unload Move am65_cpsw_nuss_phylink_cleanup() call to after am65_cpsw_nuss_cleanup_ndev() so phylink is still valid to prevent the below Segmentation fault on module rβ¦
5.5
CVE-2025-37758 - ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()
In the Linux kernel, the following vulnerability has been resolved: ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() devm_ioremap() returns NULL on error. Currently, pxa_ata_probe() does not check for this case, which can result in a NULL pointer dereference. Add NULL cheβ¦